Happy New Year from Team ICPC!
Unfortunately last year’s mess that was the hack of Sony Pictures Entertainments has followed us into 2015 and tensions continue to rise between the United States and North Korea. Despite a growing chorus of voices that suggest the hermit kingdom may not have been responsible for the hack, the United States continues to pull what few, essentially symbolic, levers it can to put further pressure on the regime. With the back and forth likely to drag on with little meaningful resolution, it might be worth considering how the White House could make some kimchi out of all this cabbage.
And if North Korea isn’t a satisfying culprit, head over to sony.attributed.to for some alternative cyber vandals (just click refresh til you’ve found your offender of choice!).
The evolution of the Sony incident from a corporate and criminal matter into one of national security has reignited debate around what constitutes a ‘cyber attack’ as opposed to ‘cybercrime’. Former head of Allied Command Ops in NATO Admiral James Stavridis wades into the debate, exploring the elements of the use of force in cyberspace to build the foundational definition:
A cyber attack is the deliberate projection of cyberforce resulting in kinetic or nonkinetic consequences that threaten or otherwise destabilize national security; harm economic interests; create political or cultural instability; or hurt individuals, devices or systems.
While the Sony debacle ultimately failed to save us from The Interview, it may be the much-needed push to drive public–private cooperation on cybersecurity. In Washington there’s a new sense of urgency on cyber issues, with most observers pointing to information-sharing legislation as a likely winner in 2015.
The development of robust information-sharing mechanisms is vital, especially in light of recent findings from IBM that despite a 50% decrease in retail cyber attacks, data theft continues to rise, hitting 61 million records from retailers in 2014.
Such large figures may make cybercrime seem like a distant and impersonal phenomenon. But there is a real, human cost as Alina Simone found out when her mum’s PC was held for ransom. While Alina had a positive experience with the Bitcoin ATM repairman, bitcoin is proving to be much more of a headache for prosecutors and investigators of cybercrime. With cybercrime likely to continue topping the cyber news throughout 2015, Australia should look for the silver lining and use cybercrime cooperation to boost ties with others in the Asia Pacific, especially China.
Also in our neighbourhood, Japan is looking to boost its cyber maturity with the establishment of a Headquarters of Cyber Security Strategy, under Chief Cabinet Secretary Suga. The HQ will have the legal authority to require organisations targeted by cyber attacks to submit information on the incident. Japan is also looking to boost international cooperation, with an agreement with Israel to expand joint research grants and increase cooperation on cyber and information security.
This year is set to be a consequential one for Internet governance. With the IANA transition set to occur in September, expect to see negotiations heat up. The Washington Post has planted its flag, calling on the US to Protect the Internet: Keep the Contract with ICANN, to which recently retired Swedish Foreign Minister Carl Bildt quickly retorted ‘Internet governance battle heating up. But for US to keep contract with ICANN no viable option. Transition necessary.’ For an interesting look at the bread-and-butter business of ICANN, names and numbers, tune into the team at podcast series Reply All as they explore the ‘Byzantine underworld of domain sales.’
Along with names and numbers, an oft-underappreciated dimension of cyber is the undersea cables that provide the backbone of internet connectivity. One can simply look to Vietnam to understand the importance of this dimension of physical cybersecurity, where for the fourth time in a year, a cut in the AAG submarine cable has disrupted Internet service across the country. But if your submarine cables are intact (lucky you), and you’ve got the rest of the day to spare (even luckier you), take the time to check out the Krebs on Security rundown of the top cyber attack maps.